Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/W9IaaIZmyaPXUAJrA0BcuxANo_U.roa
File:                     W9IaaIZmyaPXUAJrA0BcuxANo_U.roa (raw, json)
Hash identifier:          pp8Xxh3yiPgDrFR6WEvs6TFsPiIHgqanQOCFWl/68Ug=
Subject key identifier:   5B:D2:1A:68:86:66:C9:A3:D7:50:02:6B:03:40:5C:BB:10:0D:A3:F5
Certificate issuer:       /CN=50656cb4777d14b5eb264c6b032c8ba3756f2ae5
Certificate serial:       0194206812EF3096BAB61540C96FDC3AC710
Authority key identifier: 50:65:6C:B4:77:7D:14:B5:EB:26:4C:6B:03:2C:8B:A3:75:6F:2A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UGVstHd9FLXrJkxrAyyLo3VvKuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/W9IaaIZmyaPXUAJrA0BcuxANo_U.roa
Signing time:             Wed 01 Jan 2025 05:47:58 +0000
ROA not before:           Wed 01 Jan 2025 05:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12335
IP address blocks:        212.53.32.0/19 maxlen: 20
                          2a02:2f8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/UGVstHd9FLXrJkxrAyyLo3VvKuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/UGVstHd9FLXrJkxrAyyLo3VvKuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UGVstHd9FLXrJkxrAyyLo3VvKuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:12:ef:30:96:ba:b6:15:40:c9:6f:dc:3a:c7:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50656cb4777d14b5eb264c6b032c8ba3756f2ae5
        Validity
            Not Before: Jan  1 05:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bd21a688666c9a3d750026b03405cbb100da3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d4:4e:0f:8f:11:cd:77:04:fa:80:d4:30:00:
                    20:5c:3b:00:7b:ab:db:c5:1f:95:30:84:08:a3:bf:
                    b9:7e:b2:62:65:32:b9:5d:96:2f:d3:5d:5b:7e:23:
                    d3:a1:f6:32:c8:7d:9b:68:03:18:15:51:87:e9:71:
                    a5:09:65:b9:3e:83:ca:e8:84:c6:e9:22:9d:dd:90:
                    80:6a:42:74:55:08:a5:d7:34:f9:57:97:53:18:2b:
                    bd:3f:72:97:07:25:30:db:9f:5b:07:f7:f4:f1:4d:
                    4b:49:f5:22:1d:04:aa:8e:b0:5d:4f:7f:3e:ed:12:
                    fb:9b:a6:2c:49:b9:b5:c3:1e:30:6e:b5:c8:a3:25:
                    75:73:40:cb:43:f8:90:b0:fb:99:83:85:05:e8:9f:
                    0f:d1:de:00:b6:be:d4:54:e2:6d:63:cd:f2:13:18:
                    51:2d:b5:16:15:ec:80:7a:9e:4d:a1:0b:e1:de:b3:
                    00:23:ea:1b:e3:fe:17:c5:bb:58:3d:50:00:d0:62:
                    67:b3:de:d1:a4:3c:ca:60:6f:ec:3f:fc:2d:a4:87:
                    b0:42:12:b4:03:86:85:be:b6:6d:c4:81:c1:ac:8a:
                    8e:91:f8:d9:54:87:6a:36:17:6f:37:aa:74:a0:bb:
                    6b:56:8c:82:fa:c4:d9:57:e6:7c:62:3e:cf:f3:aa:
                    ef:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D2:1A:68:86:66:C9:A3:D7:50:02:6B:03:40:5C:BB:10:0D:A3:F5
            X509v3 Authority Key Identifier:
                keyid:50:65:6C:B4:77:7D:14:B5:EB:26:4C:6B:03:2C:8B:A3:75:6F:2A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UGVstHd9FLXrJkxrAyyLo3VvKuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/W9IaaIZmyaPXUAJrA0BcuxANo_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/UGVstHd9FLXrJkxrAyyLo3VvKuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.53.32.0/19
                IPv6:
                  2a02:2f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:d8:be:88:0e:12:f2:5a:9d:c0:2a:c2:16:08:be:88:05:03:
         8e:58:bb:07:8b:4d:b8:ad:06:2b:e3:7f:96:24:84:f7:79:90:
         ab:e8:ff:9b:b7:a1:f3:2e:6d:8a:9b:fa:18:5d:be:f9:b8:bf:
         a3:79:7d:78:b1:69:6f:c1:76:d6:82:ea:43:18:28:be:76:73:
         92:ab:eb:7f:49:c0:53:dc:fb:25:aa:59:2e:d7:76:ea:ae:9d:
         1e:70:9f:84:f0:63:a5:be:0e:f2:fd:d4:eb:9e:28:3c:b8:e5:
         0f:f5:76:b6:b5:32:e5:6c:35:ac:9b:e9:e0:2e:03:5a:7b:97:
         7e:ec:c4:73:85:28:53:17:4f:2c:3b:cd:20:a1:cf:6e:cc:f3:
         62:c0:e3:c1:16:76:d3:84:b6:82:0f:8d:d0:87:c0:b2:d4:c3:
         c0:43:ed:6b:98:79:52:d3:af:49:8d:c0:9b:70:50:db:46:38:
         cf:04:60:47:46:8c:88:89:c5:a4:50:59:a2:9f:f0:b9:8b:6f:
         28:b6:35:7a:2f:3c:1a:63:88:d1:f0:f1:ba:61:67:e3:d3:59:
         93:ab:fd:1f:fd:3b:8f:72:57:df:00:f9:a6:5f:8d:cf:e1:0e:
         c1:ce:d3:f3:e5:3e:00:20:2f:e3:22:58:bb:9b:47:97:a9:f2:
         3c:73:50:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaBLvMJa6thVAyW/cOscQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNjU2Y2I0Nzc3ZDE0YjVlYjI2NGM2YjAzMmM4YmEzNzU2
ZjJhZTUwHhcNMjUwMTAxMDU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQyMWE2ODg2NjZjOWEzZDc1MDAyNmIwMzQwNWNiYjEwMGRhM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9ROD48RzXcE+oDUMAAgXDsAe6vb
xR+VMIQIo7+5frJiZTK5XZYv011bfiPTofYyyH2baAMYFVGH6XGlCWW5PoPK6ITG
6SKd3ZCAakJ0VQil1zT5V5dTGCu9P3KXByUw259bB/f08U1LSfUiHQSqjrBdT38+
7RL7m6YsSbm1wx4wbrXIoyV1c0DLQ/iQsPuZg4UF6J8P0d4Atr7UVOJtY83yExhR
LbUWFeyAep5NoQvh3rMAI+ob4/4XxbtYPVAA0GJns97RpDzKYG/sP/wtpIewQhK0
A4aFvrZtxIHBrIqOkfjZVIdqNhdvN6p0oLtrVoyC+sTZV+Z8Yj7P86rviQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFvSGmiGZsmj11ACawNAXLsQDaP1MB8GA1UdIwQY
MBaAFFBlbLR3fRS16yZMawMsi6N1byrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUdWc3RIZDlGTFhySmt4ckF5eUxvM1Z2S3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iMGNkMmUtNDg2NC00YTM0LTgyYTUt
ZTdjNDQ0MzQ2NzYwLzEvVzlJYWFJWm15YVBYVUFKckEwQmN1eEFOb19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iMGNkMmUtNDg2NC00YTM0LTgyYTUtZTdjNDQ0MzQ2NzYw
LzEvVUdWc3RIZDlGTFhySmt4ckF5eUxvM1Z2S3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1DUgMA0E
AgACMAcDBQAqAgL4MA0GCSqGSIb3DQEBCwUAA4IBAQCS2L6IDhLyWp3AKsIWCL6I
BQOOWLsHi024rQYr43+WJIT3eZCr6P+bt6HzLm2Km/oYXb75uL+jeX14sWlvwXbW
gupDGCi+dnOSq+t/ScBT3Pslqlku13bqrp0ecJ+E8GOlvg7y/dTrnig8uOUP9Xa2
tTLlbDWsm+ngLgNae5d+7MRzhShTF08sO80goc9uzPNiwOPBFnbThLaCD43Qh8Cy
1MPAQ+1rmHlS069JjcCbcFDbRjjPBGBHRoyIicWkUFmin/C5i28otjV6LzwaY4jR
8PG6YWfj01mTq/0f/TuPclffAPmmX43P4Q7BztPz5T4AIC/jIli7m0eXqfI8c1Bb
-----END CERTIFICATE-----